Gridinsoft Logo
File Icon

ToolUnlock_v8.6.exe Trojan Wacatac Analysis

Updated 2 months ago
Checked by Malware Check
ToolUnlock_v8.6.exe

Technical Analysis

File Name ToolUnlock_v8.6.exe
File Type
PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.228.174
Database Version 2025-10-22 14:00:16 UTC

Trojan.Win64.Wacatac.bot

Malware family: Wacatac

Wacatac malware demonstrates multiple malicious capabilities including data theft, system compromise, and secondary payload deployment. It can download additional malware components including ransomware to extend attack impact.
N/A
Detection Rate
4,114,048
File Size (bytes)
2025-10-22
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
01e68b9d3594b039f72b86977f8fb492
SHA1
4a4770d90385fc78e10f96279c1eedcfbaabe214
SHA256
29e1cfd55163a94497999f739cf0f6d2859cb1c857f2bf960e059c1c07b131f0
SHA512
b04b0458206e80c8d4057c767571e5f3b7ceacf6a419d0077146e266cf364d90fcb5fc504390ab95ed67e90882e92a862069718964f3103db414abfe1e2dfccb
ImpHash
d42595b695fc008ef2c56aabd8efd68e

PE Analysis

Basic Information

Icon
Hash: c42b4a0735885b5078ddc5ab44b8585b
Fuzzy: 18db506202d6912bcd6201ca7b643220
dHash: 0011cc3333ccd400
Image Base 0x00400000
Entry Point 0x00472040
Compilation Time 1970-01-01 00:00:00
Checksum 0x003f4a0c (Actual: 0x003f4a0c)
OS Version 6.1
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 1 libraries
kernel32
Exports 0 functions
Resources 22 Resources
Sections 9 Sections

Version Information

CompanyName GlassWire
FileDescription GlassWire Setup
FileVersion 3,7,880,0
LegalCopyright (c) 2025 GlassWire
OriginalFilename glasswire-setup-3.7.880.0-full.exe
ProductName GlassWire
ProductVersion 3,7,880,0
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 1,392,529 bytes 1,392,640 bytes 6.28 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 4F466DD28046D1E624E1FB423B4F9242
.rdata 0x00155000 2,062,528 bytes 2,062,848 bytes 6.36 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ AFB0E0CAAB8A93AF70FD802A65C2738A
.data 0x0034d000 360,384 bytes 61,440 bytes 4.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE CFE1F538B4C4B90EC20CAA8564C02084
.pdata 0x003a5000 53,340 bytes 53,760 bytes 5.38 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ F9CB3E95FF4B491089E133BB3D0E7E07
.xdata 0x003b3000 180 bytes 512 bytes 1.78 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A2420CD63E7EB3979669C31F37E5605A
.idata 0x003b4000 1,342 bytes 1,536 bytes 3.98 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D4601C8590885B0F5020FD71AEA71D44
.reloc 0x003b5000 28,784 bytes 29,184 bytes 5.44 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0BA43C4B4ED6B71717023DF16E2DEAE3
.symtab 0x003bd000 269,512 bytes 269,824 bytes 5.10 (Normal) IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 82D51050D4D46619FD9A85E670D230E6
.rsrc 0x003ff000 228,596 bytes 228,864 bytes 4.87 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 67B209E956F5B544F19421688557F658

Resource Analysis

Total Resources: 22 (227,375 bytes)
Resource Type Count Total Size Percentage
RT_BITMAP 1 1,638 bytes
0.7%
RT_ICON 11 222,941 bytes
98%
RT_DIALOG 7 1,938 bytes
0.9%
RT_GROUP_ICON 2 166 bytes
0.1%
RT_VERSION 1 692 bytes
0.3%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win64.Wacatac.bot Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.Wacatac.bot without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware